NexGate
API reference

Account and billing endpoints

Authenticated endpoints for checkout, API keys, usage export, and safety settings.

Overview

These endpoints are used by the NexGate dashboard. They require an active session unless otherwise noted.

Warning

These are account endpoints, not OpenAI-compatible model endpoints. Use them from trusted server-side or authenticated dashboard flows.

Create checkout

Start a hosted checkout session for a credit pack.

API keys

Generate a key once and fetch masked key metadata later.

Usage export

Download the latest 1,000 usage logs as CSV.

Safety settings

Update low-balance alerts and spend safety limits.

Create checkout

POST https://api.nexgate.app/checkout

Creates a hosted checkout session for a credit pack.

Authentication

Requires an active session.

Request body

packIdstringrequired

One of builder, pro, team, or scale.

{
  "packId": "builder"
}

Success response

{
  "url": "https://checkout.nexgate.app/...",
  "sessionId": "cs_..."
}

The url is a short-lived hosted checkout page. Redirect the user to it to complete payment.

Credit packs

Pack IDNamePriceCredits
builderBuilder$25$30
proPro$50$60
teamTeam$100$120
scaleScale$200$250

Note

India-localized INR display is handled by the app UI. Credit balances and API billing remain USD-denominated.

Checkout errors

StatusErrorWhen
400Invalid pack IDpackId is not a valid credit pack
401UnauthorizedNo active session
404User not foundAuthenticated user has no NexGate account row
409capacity_exhaustedPlatform purchase capacity is sold out; no checkout session is created
503This pack is not yet configured. Please contact support.Selected pack is temporarily unavailable
500Failed to create checkout session. Please try again.Checkout session creation failed

API keys

NexGate supports multiple named API keys per account. Each key can have an optional expiry date, a per-key lifetime credit spend limit, and optional per-key hourly spend and request limits. Keys can be edited, rotated, and revoked after creation.

Create an API key

POST https://api.nexgate.app/keys/generate

Creates a new API key without affecting existing keys.

Request body

namestring

A label for this key (e.g. "Production server", "Cursor dev env"). Defaults to "Default Key" if omitted.

expiresAtstring

ISO 8601 datetime string. If omitted, the key does not expire.

creditLimitUsdnumber

Maximum cumulative lifetime spend allowed on this key, in USD. If omitted, no per-key lifetime limit is applied (your account balance limit still applies).

rateLimitUsdPerHournumber

Optional per-key hourly spend ceiling in USD. Enforced in addition to the account spend safety limit.

rateLimitRequestsPerHourinteger

Optional per-key hourly request-count ceiling. Enforced in addition to the account spend safety limit.

{
  "name": "Production server",
  "expiresAt": "2027-01-01T00:00:00.000Z",
  "creditLimitUsd": 50,
  "rateLimitUsdPerHour": 5,
  "rateLimitRequestsPerHour": 600
}

Success response

{
  "key": "ng-aB3kX9mQ7pLrD2vN5wYtCsZ",
  "name": "Production server",
  "expires_at": "2027-01-01T00:00:00.000Z",
  "credit_limit_usd": 50,
  "rate_limit_usd_per_hour": 5,
  "rate_limit_requests_per_hour": 600,
  "message": "Save this key — it will not be shown again."
}

Warning

The full key is only returned once at creation time. Store it in a server-side secret store immediately.

StatusErrorWhen
401UnauthorizedNo active session
404Account not foundAuthenticated user has no NexGate account row
429rate_limit_exceededKey generation rate limit reached (5 keys per hour)

List all API keys

GET https://api.nexgate.app/keys/generate

Returns all API keys for the authenticated user (active and revoked), each with its limits and usage statistics. The plaintext key and bcrypt hash are never returned.

{
  "keys": [
    {
      "id": "550e8400-e29b-41d4-a716-446655440000",
      "name": "Production server",
      "prefix": "aB3kX9mQ",
      "status": "active",
      "createdAt": "2026-05-09T16:00:00.000Z",
      "lastUsedAt": "2026-05-14T12:30:00.000Z",
      "expiresAt": "2027-01-01T00:00:00.000Z",
      "creditLimitUsd": "50.000000",
      "rateLimitUsdPerHour": "5.00",
      "rateLimitRequestsPerHour": 600,
      "total_requests": 1284,
      "total_spend_usd": "12.453000"
    }
  ]
}

The status field is derived: "revoked" if revoked_at is set, "expired" if past expires_at, otherwise "active".

Edit an API key

PATCH https://api.nexgate.app/keys/{keyId}

Updates a key's mutable metadata. Only fields present in the body are changed; pass an explicit null to clear an optional value. Edits apply only to keys owned by the requester.

{
  "name": "Renamed key",
  "expiresAt": null,
  "creditLimitUsd": 100,
  "rateLimitUsdPerHour": 10,
  "rateLimitRequestsPerHour": null
}
StatusErrorWhen
200Key updated
400validation errorInvalid field value (e.g. past expiry, non-positive limit)
401UnauthorizedNo active session
403Forbidden or key not foundKey does not exist or belongs to another user

Rotate an API key

POST https://api.nexgate.app/keys/{keyId}/rotate

Revokes the existing key and issues a replacement that retains the original key's name, expiry, lifetime credit limit, and both hourly limits. The new plaintext key is returned exactly once.

{
  "key": "ng-nEwR0tatedKeyVa1ueShownOnce",
  "message": "Save this key — it will not be shown again."
}
StatusErrorWhen
200Key rotated; new plaintext returned once
401UnauthorizedNo active session
404Key not found or already revokedKey does not exist, is already revoked, or belongs to another user

Revoke an API key

DELETE https://api.nexgate.app/keys/{keyId}/revoke

Revokes a specific key by its UUID. Revoked keys are rejected immediately on all subsequent API requests. DELETE https://api.nexgate.app/keys/{keyId} is an equivalent shorthand.

StatusErrorWhen
200Key successfully revoked
401UnauthorizedNo active session
404Key not foundKey does not exist, is already revoked, or belongs to another user

Usage export

GET https://api.nexgate.app/usage/export

Exports the authenticated user's latest 1,000 usage logs as CSV.

Response headers

Content-Type: text/csv
Content-Disposition: attachment; filename="nexgate-usage-YYYY-MM-DD.csv"

CSV columns

date,model,requested_model,prompt_tokens,completion_tokens,cost_usd,latency_ms,status
StatusErrorWhen
401UnauthorizedNo active session
404User not foundAuthenticated user has no NexGate account row
500Failed to export usageExport query or CSV generation failed

Safety settings

Low-balance alert threshold

PATCH https://api.nexgate.app/settings/alert-threshold

Set a low-balance email alert threshold, or use null to disable alerts.

{
  "threshold": 2
}
{
  "success": true,
  "threshold": 2
}

Validation: threshold must be null or a number from 0 to 100.

Spend safety limit

PATCH https://api.nexgate.app/settings/spend-safety-limit

Sets the hourly spend safety limit used by chat completions.

{
  "limit": 10
}

Use -1 for unlimited:

{
  "limit": -1
}

Validation: limit must be -1 or a finite number from 0 to 10000.

Note

Chat completions return 429 rate_limit_error when the configured hourly spend safety limit is reached.

Pricing explained

Learn how credit packs and request billing work.

Errors & Rate Limits

Review error codes and rate limit behavior.

Health

Public health check endpoint for application and database connectivity status.

Errors & Rate Limits

HTTP status codes, error shapes, rate limiting, and credit error handling for the NexGate API.

On this page

OverviewCreate checkoutAuthenticationRequest bodySuccess responseCredit packsCheckout errorsAPI keysCreate an API keyRequest bodySuccess responseList all API keysEdit an API keyRotate an API keyRevoke an API keyUsage exportResponse headersCSV columnsSafety settingsLow-balance alert thresholdSpend safety limit